more tsig work - still does not validate but getting close

Miek Gieben 2011-03-14 12:28:04 +01:00
parent 36b77b3b8b
commit 82bb573f56
4 changed files with 41 additions and 11 deletions


@ -38,6 +38,7 @@ Miek Gieben - 2010, 2011 - miek@miek.nl
* 403{3,4,5} - DNSSEC + validation functions
* 4255 - SSHFP
* 4408 - SPF
* 4635 - HMAC SHA TSIG
* 5001 - NSID
* 5155 - NSEC
* 5936 - AXFR

2
msg.go

@ -677,7 +677,7 @@ func unpackStructValue(val *reflect.StructValue, msg []byte, off int) (off1 int,
s = unpackBase32(msg[off : off+size])
off += size
case "size-hex":
// a "size" string, but a it must be encoded in hex in the string
// a "size" string, but it must be encoded in hex in the string
var size int
switch val.Type().Name() {
case "RR_NSEC3":


@ -275,11 +275,16 @@ Server:
if tsig && len(in.Extra) > 0 { // What if not included?
t := in.Extra[len(in.Extra)-1]
println(t.String())
switch t.(type) {
case *RR_TSIG:
if t.(*RR_TSIG).Verify(in, secret) {
println("Validates")
} else {
println("DOES NOT validates")
}
}
}
println(in.String())
if first {
if !checkAxfrSOA(in, true) {
c.Close()
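Review bot: The result of `Verify` is only printed, so a message whose TSIG fails (the branch printing "DOES NOT validates") still falls through to `println(in.String())` and `checkAxfrSOA` and is handled like an authenticated one. The same holds when `tsig` is set but `in.Extra` is empty or its last record is not an `*RR_TSIG` (the `// What if not included?` case), where the switch does nothing. Once Verify works, each of these paths should reject the message the way the SOA check below does, e.g. `rr, ok := t.(*RR_TSIG)` followed by `if !ok || !rr.Verify(in, secret) { c.Close(); /* report the error */ }`. How the error is reported depends on code outside this hunk, since the enclosing function starts and ends beyond it. The `println` calls are debug output and should be removed before this path is relied on.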

38
tsig.go

@ -12,9 +12,9 @@ import (
// HMAC hashing codes. These are transmitted as domain names.
const (
HmacMD5 = "hmac-md5.sig-alg.reg.int"
HmacSHA1 = "hmac-sha1"
HmacSHA256 = "hmac-sha256"
HmacMD5 = "hmac-md5.sig-alg.reg.int."
HmacSHA1 = "hmac-sha1."
HmacSHA256 = "hmac-sha256."
)
type RR_TSIG struct {
@ -72,6 +72,11 @@ type tsigWireFmt struct {
OtherData string "size-hex"
}
// If we have the MAC use this type to convert it to wiredata
type macWireFmt struct {
MAC string "size-hex"
}
// Generate the HMAC for message. The TSIG RR is modified
// to include the MAC and MACSize. Note the the msg Id must
// already be set, otherwise the MAC will not be correct when
@ -109,7 +114,7 @@ func (t *RR_TSIG) Verify(m *Msg, secret string) bool {
return false
}
msg2 := m // TODO deep copy TODO(mg)
msg2 := m // Deep copy TODO(mg)
if len(msg2.Extra) < 1 {
// nothing in additional
return false
@ -123,14 +128,19 @@ func (t *RR_TSIG) Verify(m *Msg, secret string) bool {
if !ok {
return false
}
h := hmac.NewMD5([]byte(rawsecret))
io.WriteString(h, string(buf))
return strings.ToUpper(hex.EncodeToString(h.Sum())) == t.MAC
println(strings.ToUpper(t.MAC))
println(strings.ToUpper(hex.EncodeToString(h.Sum())))
return strings.ToUpper(hex.EncodeToString(h.Sum())) == strings.ToUpper(t.MAC)
}
// INclude the MAC when verifying
func tsigToBuf(rr *RR_TSIG, msg *Msg) ([]byte, bool) {
// Fill the struct and generate the wiredata
buf := make([]byte, DefaultMsgSize) // TODO(mg) bufsize!
var mb []byte
buf := make([]byte, DefaultMsgSize)
tsig := new(tsigWireFmt)
tsig.Name = rr.Header().Name
tsig.Class = rr.Header().Class
@ -150,7 +160,21 @@ func tsigToBuf(rr *RR_TSIG, msg *Msg) ([]byte, bool) {
if !ok {
return nil, false
}
// First the pkg, then the tsig wire fmt
if rr.MAC != "" {
m := new(macWireFmt)
m.MAC = rr.MAC
mb = make([]byte, len(rr.MAC)) // t.MAC should be twice as long
n, ok := packStruct(m, mb, 0)
if !ok {
return nil, false
}
mb = mb[:n]
}
// If there is a MAC included in the TSIG it should be added first
// otherwise just the pkg and then the TSIG wire fmt
buf = append(msgbuf, buf...)
if mb != nil {
buf = append(mb, buf...)
}
return buf, true
}
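Review bot: In the `Verify` hunk (`@ -123,14 +128,19`) the freshly computed digest is written out with `println(strings.ToUpper(hex.EncodeToString(h.Sum())))` and then compared to `t.MAC` with `==`. Printing the expected MAC gives anyone who can read the process output a value that authenticates this message, and string `==` is not a constant-time comparison. Drop both `println` lines and compare with `subtle.ConstantTimeCompare([]byte(strings.ToUpper(hex.EncodeToString(h.Sum()))), []byte(strings.ToUpper(t.MAC))) == 1` from `crypto/subtle`. The hunk also keeps `hmac.NewMD5` unconditionally although `HmacSHA1` and `HmacSHA256` are declared above; Verify begins outside the hunk, so confirm whether the TSIG's algorithm name is checked there, and reject unsupported algorithms rather than hashing with MD5.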